Support STREAMING-AWS4-HMAC-SHA256-PAYLOAD (#64) #156
1 changed files with 0 additions and 4 deletions
|
|
@ -233,10 +233,6 @@ where
|
||||||
return Poll::Ready(Some(Err(SignedPayloadStreamError::Stream(e))))
|
return Poll::Ready(Some(Err(SignedPayloadStreamError::Stream(e))))
|
||||||
}
|
}
|
||||||
None => {
|
None => {
|
||||||
if this.buf.is_empty() {
|
|
||||||
return Poll::Ready(None);
|
|
||||||
}
|
|
||||||
|
|
||||||
return Poll::Ready(Some(Err(SignedPayloadStreamError::message(
|
return Poll::Ready(Some(Err(SignedPayloadStreamError::message(
|
||||||
"Unexpected EOF",
|
"Unexpected EOF",
|
||||||
))));
|
))));
|
||||||
|
KokaKiwi marked this conversation as resolved
Outdated
|
|||||||
|
|
|
||||||
Loading…
Reference in a new issue
this bit has an invalid edge case : by cutting the stream just before a new chunk header, an attacker can truncate the file without it being rejected. Getting here (inner stream returns None and this.buf is empy) is either such a truncation, or a call to SignedPayloadStream::poll_next after it returned Ok(Ready(None)) once, which is a contract error (
Ok(Ready(None)) means that the stream has terminated, and poll_next should not be invoked again), so this check and return can be safely removed